- Coherent quotation style
Single quotes for text variable (even if implicit), no quotes for
variable and conditional statements, if not required.
- Some useful tags added:
* ssh_certs
renewal of server SSH certificates and configuration of authorized
CA.
* tls_pub
renewal of public TLS certificates (let's encrypt) and certbot
configuration.
* tls_int
renewal of internal TLS certificates (service authorizations) and
configuration of authorized internal CA.
*(ToDo: deployment of Certificate Revokation Lists)*
* lxc
deployment of new containers (deployment of configuration file
excluded, for instance change in ip address are always applied and
trigger a container restart even if you skip this tag.
* packages
installation and upgrade of software packages (apt, opkg or
tarballs)
* service_password
create new random password for services-only password, for routine
rotation. Not meant to be skipped (some roles need to know the
service password, so they do a rotation).
- prepare_host
- ssh_server
- lxc_guest
- ldap
- gitlab
- x509_subject_prefix
- x509_ldap_suffix
*Replaces:* x509_suffix in ldap.yaml
- letsencrypt_email
Used in roles/certbot and roles/gitlab
- root_ca_cert
*Replaces:* ssl_ca_cert and files/lilik_x1.crt
New defaults:
- ldap_domain | default: `${domain}`
- server_fqdn | default: `${hostname}.dmz.${domain}`
*Replaces:* fqdn_domain
Removed:
- fqdn_dmain
- x509_suffix
*Replaced by:* x509_ldap_suffix in common
New defaults:
- server_fqdn | default: `${hostname}.${domain}`
*Replaces*: fqdn
- ldap_domain | default: `${domain}`
- ldap_server | default: `ldap1.dmz.${domain}`
- ldap_basedn | default: `dn(${ldap_domain})`
- enable_https | default: `true`
New defaults:
- server_fqdn | default: `${hostname}.${domain}`
This role split the reverse proxy configuration in three files per
host. Every file belong to a different directory that is created on
the reverse proxy we use (nginx).